[databases]
{% for pool in pgbouncer_pools %}
{%   set params = [] %}
{%   if pool.pool_parameters is string %}
{%     set _ = params.append(pool.pool_parameters) %}
{%   elif pool.pool_parameters is mapping %}
{%     for k, v in pool.pool_parameters.items() %}
{%       set _ = params.append(k ~ '=' ~ v) %}
{%     endfor %}
{%   endif %}
{{ pool.name }} = host={{ postgresql_unix_socket_dir }} port={{ postgresql_port }} dbname={{ pool.dbname }} {{ params | join(' ') }}
{% endfor %}

* = host={{ postgresql_unix_socket_dir }} port={{ postgresql_port }}

[pgbouncer]
logfile = {{ pgbouncer_log_dir }}/pgbouncer{{ '-%d' % (idx + 1) if idx > 0 else '' }}.log
pidfile = /run/pgbouncer{{ '-%d' % (idx + 1) if idx > 0 else '' }}/pgbouncer.pid
listen_addr = {{ pgbouncer_listen_addr | default('0.0.0.0') }}
listen_port = {{ pgbouncer_listen_port | default(6432) }}
unix_socket_dir = /var/run/pgbouncer{{ '-%d' % (idx + 1) if idx > 0 else '' }}
auth_type = {{ pgbouncer_auth_type }}
{% if pgbouncer_auth_user | bool %}
auth_user = {{ pgbouncer_auth_username }}
auth_dbname = {{ pgbouncer_auth_dbname }}
auth_query = SELECT usename, passwd FROM user_search($1)
{% else %} 
auth_file = {{ pgbouncer_conf_dir }}/userlist.txt
{% endif %}
admin_users = {{ pgbouncer_admin_users }}
stats_users = {{ pgbouncer_stats_users }}
ignore_startup_parameters = {{ pgbouncer_ignore_startup_parameters }}

pool_mode = {{ pgbouncer_default_pool_mode }}
server_reset_query = DISCARD ALL
max_client_conn = {{ pgbouncer_max_client_conn }}
default_pool_size = {{ pgbouncer_default_pool_size }}
query_wait_timeout = {{ pgbouncer_query_wait_timeout }}
reserve_pool_size = 1
reserve_pool_timeout = 1
max_db_connections = {{ pgbouncer_max_db_connections }}
pkt_buf = 8192
listen_backlog = 4096
max_prepared_statements = {{ pgbouncer_max_prepared_statements }}
so_reuseport = 1
{% if tls_cert_generate | default(false) | bool %}
{% if pgbouncer_client_tls_sslmode | default('require') != 'disable' %}
client_tls_sslmode = {{ pgbouncer_client_tls_sslmode | default('require') }}
client_tls_key_file = {{ pgbouncer_tls_dir | default('/etc/tls') }}/{{ pgbouncer_client_tls_key_file | default(tls_privatekey | default('server.key')) }}
client_tls_cert_file = {{ pgbouncer_tls_dir | default('/etc/tls') }}/{{ pgbouncer_client_tls_cert_file | default(tls_cert | default('server.crt')) }}
client_tls_ca_file = {{ pgbouncer_tls_dir | default('/etc/tls') }}/{{ pgbouncer_client_tls_ca_file | default(tls_ca_cert | default('ca.crt')) }}
client_tls_protocols = {{ pgbouncer_client_tls_protocols | default('secure') }}
client_tls_ciphers = {{ pgbouncer_client_tls_ciphers | default('secure') }}
{% endif %}
{% if pgbouncer_server_tls_sslmode | default('require') != 'disable' %}
server_tls_sslmode = {{ pgbouncer_server_tls_sslmode | default('require') }}
server_tls_key_file = {{ pgbouncer_tls_dir | default('/etc/tls') }}/{{ pgbouncer_server_tls_key_file | default(tls_privatekey | default('server.key')) }}
server_tls_cert_file = {{ pgbouncer_tls_dir | default('/etc/tls') }}/{{ pgbouncer_server_tls_cert_file | default(tls_cert | default('server.crt')) }}
server_tls_ca_file = {{ pgbouncer_tls_dir | default('/etc/tls') }}/{{ pgbouncer_server_tls_ca_file | default(tls_ca_cert | default('ca.crt')) }}
server_tls_protocols = {{ pgbouncer_server_tls_protocols | default('secure') }}
server_tls_ciphers = {{ pgbouncer_server_tls_ciphers | default('secure') }}
{% endif %}
{% endif %}
log_connections = 0
log_disconnections = 0

# Documentation https://pgbouncer.github.io/config.html
